EdOverflow / can-i-take-over-xyz

"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Creative Commons Attribution 4.0 International

Is mailgun.org still vulnerable?? #393

Open paxnull opened 10 months ago

paxnull commented 10 months ago

Service name

mailgun.org

Proof

Screenshot 2023-11-14 182105

Documentation

I have this target whose CNAME is pointing to mailgun.org, and I am trying to take it over, but the only records verified are the SPF and MX records; the DKIM and CNAME were not verified. So the question is: is this still vulnerable?

muslimfrompk commented 9 months ago

No, I have a similar target, but while trying to register, they give a response like this:

```
HTTP/2 400 Bad Request
xxxxxxxxxx:xxxx
xxxxxxx:xxxxxx
Cache-Control: no-store
Content-Type: application/json; charset=utf-8
Date: Sat, 18 Nov 2023 16:41:26 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Mailgun-Key-Id: xxxxxxx
X-Xss-Protection: 1; mode=block
Content-Length: 59

{"message":"while creating domain: domain already exists"}
```

muslimfrompk commented 9 months ago

So it does not seem to be vulnerable in our case.

paxnull commented 9 months ago

Thanks for that.

vegeta2op commented 7 months ago

Yes, it's an MX takeover, but the mail lands in spam, and you can only send it to yourself and the users you have verified.
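
A defender-side check related to this thread, as an added example that is not part of the original issue or the project's own code: it scans an export of your own zone for MX, CNAME and SPF records that reference mailgun.org and reports hostnames not covered by a domain registered in your own Mailgun account. The zone lines, the `CLAIMED` inventory and all function names are constructed for illustration.

```python
# Added example: audit your own zone for records that still point at Mailgun.
# The zone lines and the CLAIMED inventory are constructed sample data.
from collections import defaultdict

ZONE = """\
mail.example.com.       MX    10 mxa.mailgun.org.
mail.example.com.       MX    10 mxb.mailgun.org.
mail.example.com.       TXT   "v=spf1 include:mailgun.org ~all"
email.mail.example.com. CNAME mailgun.org.
news.example.com.       MX    10 mxa.mailgun.org.
news.example.com.       TXT   "v=spf1 include:mailgun.org ~all"
www.example.com.        CNAME example.net.
"""

# Domains your organisation has registered in its Mailgun account
# (hypothetical inventory, assumed to be maintained by hand).
CLAIMED = {"news.example.com"}

def is_mailgun_host(host):
    host = host.rstrip(".").lower()
    return host == "mailgun.org" or host.endswith(".mailgun.org")

def points_at_mailgun(rtype, rdata):
    """True when a record of this type references mailgun.org."""
    rdata = rdata.strip().strip('"').lower()
    if rtype == "MX":
        return is_mailgun_host(rdata.split()[-1])   # skip the preference
    if rtype == "CNAME":
        return is_mailgun_host(rdata)
    if rtype == "TXT":                               # SPF include only
        return rdata.startswith("v=spf1") and "include:mailgun.org" in rdata.split()
    return False

def covered(name, claimed):
    # A claimed domain also covers its own subdomains (e.g. tracking CNAMEs).
    return any(name == d or name.endswith("." + d) for d in claimed)

def dangling_mailgun_records(zone_text, claimed):
    """Map each unclaimed hostname to the record kinds pointing at Mailgun."""
    hits = defaultdict(set)
    for line in zone_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        name, rtype = parts[0].rstrip(".").lower(), parts[1].upper()
        if points_at_mailgun(rtype, parts[2]):
            hits[name].add("SPF" if rtype == "TXT" else rtype)
    return {n: sorted(k) for n, k in hits.items() if not covered(n, claimed)}

if __name__ == "__main__":
    for host, kinds in dangling_mailgun_records(ZONE, CLAIMED).items():
        print(f"{host}: {', '.join(kinds)} point at Mailgun but domain is unclaimed")
```

Hostnames it reports should either be re-registered in your Mailgun account or have the stale records removed from the zone.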